Security Briefs: Breaches Increase, Trojans Displace Worms

Despite increased security spending, the number of security breaches also increases. Plus, how Trojan applications have displaced worms and viruses as top threats—and why.

Briefs:

Security Breaches Continue to Increase

Despite continued increases in security spending, companies continue to experience an increasing number of security breaches.

In the past year, according to new research, more than 84 percent of companies suffered a security breach, a 17 percent increase from 2003. Twenty-two percent of companies also endured at least one internal security breach.

The survey of 642 large North American enterprises, conducted by the Strategic Counsel for CA, discovered numerous repercussions from such breaches. Over half of companies suffered lost employee productivity, one-quarter faced public embarrassment, and 20 percent lost revenue or customers.

What’s the cause of so many breaches? According to CA, “nearly 40 percent of respondents indicated that their organizations don’t take IT security risk management seriously at all levels, while 37 percent believe their organization’s security spending is too low.” Almost no company labeled their organization’s security spending as sufficient.

“These survey results demonstrate that even though organizations are investing in security technologies, they still aren’t achieving the results they seek,” says Toby Weiss, senior vice president and general manager of CA’s security management business unit. “Clearly, more work needs to be done in terms of both improved security management itself and better education of business users about the importance of IT security best practices.”

Organizations, however, are putting in place a number of processes to better defend against breaches, including improved security policies (at 88 percent of organizations), better security education programs for employees (83 percent), and the creation of a chief security officer position (68 percent) to oversee and coordinate strategic information security efforts.

Trojans Continue to Best Viruses

What’s infecting your computer? The days of viruses and worms appear to be waning as Trojan applications, spyware, and phishing attacks increasingly get the drop on users’ PCs.

Trojan applications are now four times as prevalent as viruses and worms, reports UK-based antivirus software vendor Sophos Plc. That’s an increase from the first half of 2005, when Trojans were simply twice as prevalent as viruses and worms.

Today, 82 percent of new threats are Trojan applications. Such applications can’t spread by themselves, so criminals often distribute them via other malware. Spam is another typical Trojan transmission mechanism. In fact, “the Clagger family of Trojan horses have [sic] been spammed out so aggressively they collectively account for the eighth most prevalent threat,” says Sophos. To trick users into opening them, the Clagger e-mails often purport to be from such companies as Amazon.com or Paypal.

Another trend is the targeting of small groups of users, with “the lower profile attack heightening the chances of tricking users into handing over money or information,” says Sophos.

The impetus appears to be financial. “The criminals responsible are obviously making money from their code, otherwise they’d give up the game,” says Graham Cluley, senior technology consultant at Sophos. As a result, “it’s more vital than ever that all organizations use an integrated security solution to protect against intrusion, as well as blocking known and unknown malware.”

What effect could Vista, Microsoft’s next-generation Windows operating system—due to be released to enterprises late this year—have on viruses, worms, and other malware? According to Sophos, Vista “incorporates a number of new features which should harden the operating system against attack.” As a result, Vista “will also probably force malware writers to re-assess the techniques they are using for both regular malware and rootkits. Existing rootkits will most likely not work, simply because of changes in the underlying operating system.”

Of course, attackers seem to have a predilection for Windows, and “it may just be a matter of time before the bad guys learn enough about Vista to build rootkits or other malware with the equivalent degree of stealth capability,” says Sophos.

Related Articles:

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.